Q. Why am I receiving logon prompts from Outlook Anywhere clients when I have IIAuth set to Basic and NTLM?

A. A common resolution to this problem is to disable NTLM and use Basic only; however, the actual problem is related to kernel authentication in Microsoft IIS 7. Although a fix is expected in Rollup 5 for Exchange Server 2007 SP1 a workaround is available that disables the use of kernel mode authentication. To disable it, run the following command on your Client Access (CAS) servers.
%Windows%\inetsrv\appcmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false
To check the current authentication setting on the CAS use the following command:
%windir%\system32\inetsrv\appcmd.exe list config /section:system.webServer/security/authentication/windowsAuthentication

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.